Tag Info

It's a SQL injection attempt, where it's looking to see if it gets used in a query and alters it. Depending on the query where it gets used, it could do nothing or it could do something, but at the very least tells the attacker if it's vulnerable. Simple example, where it does nothing:
If civi had code like this, where it doesn't escape the value:
$reset = ...